Privacy-friendly QR codes for identity

Retour à la liste des conférenciers et sessions
May 20 02:20 PM EDT

Talks will be streamed on YouTube and Twitch for free.


Presenting personal information in the form of a QR code has become a daily reality for many during the Covid pandemic: in Quebec, people showed their immunization information using the government-issued VaxiCode, a SMART Health Card (SHC) credential that follows a medical standard adopted in Canada and in many other countries. The paradigm of presenting information about oneself can easily be generalized beyond this health scenario. In this presentation, I’ll first give an overview of the SHC framework, focusing on its security features and describing its deployment in Canada. I’ll then present a generic framework to issue QR codes that can encode attributes of any type. I’ll introduce a strong privacy feature allowing users to only disclose a subset of the encoded attributes, addressing one of the main privacy critiques of SHCs. Finally, I’ll give a demonstration and describe the open-source specification and reference implementation for this generic framework.

Outline of the presentation:

  • SMART Health Card (SHC)
  • Overview of the SHC framework, and of its overseeing organization VCI
  • Security analysis of SHC, including: key management, cryptographic signatures, revocation of issuers and SHCs, and trust establishment (trusted issuer directory and auditing)
  • Claims QR
  • Presentation of the Claim QR framework for generic attributes
  • Hash-based mechanism for selective disclosure of attributes
  • Overview of the open-source specification and reference implementation
  • Demo (issuance and validation of generic attributes)
  • Q&A

Christian Paquin Principal Program Manager, Microsoft Research

Christian is a Principal Program Manager in Microsoft Research’s Security and Cryptography team. For the last 20 years, Christian has been living at the edge of academic research and industry, with a focus on privacy-preserving identity technologies (notably, U-Prove). Christian joined the COVID response effort, and helped with the design of the SMART Health Card framework; he contributed to the specification, and co-implemented the developer tools to validate SHC implementations. Post-quantum cryptography and zero-knowledge proofs otherwise keep him busy. Based in DC, Christian is always happy to visit his native Montreal.